I am having problems with the following statement, I know its probably something small and silly but I cant seem to find the solution.
$field_sql = 'SHOW FIELDS FROM '.$table ' WHERE FIELD '=''.$column';
You're missing a dot and have quotes when you don't need them:
$field_sql = 'SHOW FIELDS FROM ' . $table . ' WHERE FIELD = ' . $column;
^ ^^^ ^
Missing Removed extra quotes
However, for SQL string values, you probably want the quotes, so you can use different quotes than the ones you're using to denote the string:
$field_sql = 'SHOW FIELDS FROM `' . $table . '` WHERE FIELD = "' . $column . '"';
I also added backticks for the table name.
$field_sql = 'SHOW FIELDS FROM ' . $table . ' WHERE FIELD = '.$column;
You cna try with
$field_sql= 'SHOW FIELDS FROM ' . $table . ' WHERE FIELD =' . $column;
Related
I need help in getting the text instead of value.
I have gone through all the websites some of them says use javascript into this.
This is the plugin.(si contact form)
Here if i do $_POST it gives [array([0]=>1)] only value not text.
Below is the code i have searched where they are framing.
$string .= '<option value="' . $opts_cnt.' "' . $selected . '>'.esc_attr($opt).'</option>'."\n";
$opts_cnt ----->value
$esc_attr($opt)-------> text
i tried changing this way
$string .= ' <option value="' . $opts_cnt.' "." '.esc_attr($opt).' "' . $selected . '>'.esc_attr($opt).'</option>'."\n";
i tried in many permutation and combination ways.
"." if i am not inserting this its gives error message
At last i need the code to be in this format
$string .= ' <option value="' . $opts_cnt.' '.esc_attr($opt).' "' . $selected . '>'.esc_attr($opt).'</option>'."\n";
Even this is not working.
If you remove the value attribute from the option tag then you should get the actual text for the option:
Try:
$string .= '<option ' . $selected . '>'.esc_attr($opt).'</option>'."\n";
What am I doing wrong here? When it populates the options it shows $name[0] and not the info from the DB. Though the correct number of options seem to be available.
<?php
//connect to database
$conn = mysqli_connect("example.com", "timemin", "Pass123", "timesheet");
//query database for items to populate
$sql = "SELECT DIS_NAME, NAME FROM INVITEM";
$query = mysqli_query($conn, $sql);
echo '<select>';
echo '<option value="">Choose your favorite fruit</option>';
while($name = mysqli_fetch_assoc($query)){
echo '<option value="' . '$name[1]' . '">' . '$name[0]' . '</option>';
}
echo '</select>';
echo $query;
?>
Should be as follows, you quoted variables, that was the problem.
echo '<option value="' . $name['DIS_NAME'] . '">' . $name['NAME'] . '</option>';
Also as RiggsFolly mentioned, you used fetch_assoc so the array keys will be named accordingly DIS_NAME and NAME.
Credit to RiggsFolly for spotting this.
In php, there are two types of quotes: single quotes and double quotes. Single quotes will not parse variables, double quotes will.
If you do want to use quotes, you could do something like this:
echo "<option value="."$name[1]".">$name[0]</option>";
So here, the double quotes will tell php to parse the variable names
However, I would recommend doing this:
echo '<option value="' . $name[1] . '">' . $name[0] . '</option>';
See this SO post for more.
I am having a small issue with some coding of mine. For some reason my entries aren't dropping in my DB. Any suggestions would be greatly appreciated! Here is my code...
<?php
$dbhost="localhost";
$dbname="DBNAME";
$dbuser="USER";
$dbpasswd="PASSWORD"; // connect to the db
$dbcxn = mysqli_connect($dbhost, $dbuser, $dbpasswd);
if (!$dbcxn) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysqli_select_db($dbcxn, $dbname);
if (!$db_selected) {
die ('Can\'t use dbreviews : ' . mysql_error());
}
$query = "INSERT INTO entries ( submitterFirstName, submitterLastName, submitterPhone, submitterEmail, referredFirstName, referredLastName, referredPhone, referredEmail, referredReason)
VALUES ('$submitterFirstName', '$submitterLastName', '$submitterPhone', '$submitterEmail', '$referredFirstName', '$referredLastName', '$referredPhone', '$referredEmail', '$referredProject')";
$result=mysqli_query($dbcxn, $query);
?>
The first thing you want to check is echo the query back to yourself and read it over.
Second, check the table structure. Make sure the column names are all spelled correctly and that all fields exist in your table (I've accidently forgotten to add a column before).
Third, you may or may not receive error messages depending on your configuration. But, you can manually check.
if (!$result) {
echo mysqli_error($dbcxn);
}
First thing first should be code formatting, it will help you read the code and consequently find your errors easier.
$query = "
INSERT INTO
entries
(
submitterFirstName,
submitterLastName,
submitterPhone,
submitterEmail,
referredFirstName,
" .
"referredLastName,
referredPhone,
referredEmail,
referredReason
)
" .
" VALUES
(
'$submitterFirstName',
'$submitterLastName',
'$submitterPhone',
' $submitterEmail',
'$referredFirstName'," .
"'$referredLastName',
'$referredPhone',
'$referredEmail',
'$referredProject'
);
"
The above is your query string split onto several lines, there are some errors which should be evident straight away? Once formatted I would do echo $query and view the output of $query.
Also try seeing if you can do an insert without using php (using mysql workbench, php admin etc) then compare it with the string value you have set as $query.
// less errors, please note that inside "" you can include php $vars without needing to escape.
$query = "
INSERT INTO
entries
(
submitterFirstName,
submitterLastName,
submitterPhone,
submitterEmail,
referredFirstName,
referredLastName,
referredPhone,
referredEmail,
referredReason
)
VALUES
(
'$submitterFirstName',
'$submitterLastName',
'$submitterPhone',
'$submitterEmail',
'$referredFirstName',
'$referredLastName',
'$referredPhone',
'$referredEmail',
'$referredProject'
);
";
Change your query variable to:
$query = "INSERT INTO entries " .
"( submitterFirstName, submitterLastName, submitterPhone, submitterEmail, referredFirstName, " .
" referredLastName, referredPhone, referredEmail, referredReason )" .
" VALUES ('" .
$submitterFirstName . "', '" .
$submitterLastName . "', '" .
$submitterPhone . "', '" .
$submitterEmail . "', '" .
$referredFirstName . "', '" .
$referredLastName . "', '" .
$referredPhone . "', '" .
$referredEmail . "', '" .
$referredProject . "')";
and it should be working.
Suggesting to use mysqli prepare
There is nothing wrong with my code, but I just cant help but wonder, should I wrap the $key with mysql_real_escape_string? This is just part of my Database function which is mainly used to pull data out of the database with table name and $where as arguments to the function. $where is to be an associative array with keys being column name, and values being the data.
This is what processes the $where array. Before this I have $sql = 'select * from ' . $table;
if(!empty($where)){
$where_count = count($where);
$sql .= ' WHERE ';
foreach($where as $key => $value){
$split_key = explode(' ', $key);
if(count($split_key) > 1){
$sql .= $key[0] . ' ' . $key[1] . ' "' . mysql_real_escape_string($value) . '" ';
} else {
$sql .= $key . ' = "' . mysql_real_escape_string($value) . '" ';
}
}
}
Filter ANY INPUT from the user that is going to be placed in your query. No doubt!
So if the keys are supplied by the user, YES and if they are generated in a safe manner, NO.
Take a look at SQL Injection to understand why filtering must be done.
I am not sure what is being asked here, but I can see one error:
$sql .= $key[0] . ' ' . $key[1] . ' "' . mysql_real_escape_string($value) . '" ';
should be
$sql .= $split_key[0] . ' ' . $split_key[1] . ' "' . mysql_real_escape_string($value) . '" ';
If you really want to quote field names, use backticks.
See http://dev.mysql.com/doc/refman/5.6/en/identifiers.html
The following statement creates a table named a`b that contains a
column named c"d:
CREATE TABLE `a``b` (`c"d` INT);
I need to rename columns in my MySQL table using PHP.
This is made difficult because the syntax is ALTER TABLE [table] CHANGE COLUMN [oldname] [newname] [definition]. The definition is a required parameter.
Is there a way to grab the definition and simply feed this back into the SQL statement? Some sample code would be fantastic, thanks!
According to http://codingforums.com/showthread.php?t=148936, you may have to parse the results of SHOW CREATE TABLE to get the current definition, then use that in the ALTER statement.
mysql_fetch_field() may be useful also.
You can read information_schema.
SHOW TABLE STATUS [{FROM | IN} db_name] [LIKE 'pattern' | WHERE expr]
Issue SHOW CREATE TABLE, read off the line describing the column that is of interest, identify the column definition and construct your ALTER TABLE statement.
My solution was this:
$table = "tableName";
$createTableSQL = $dbh->Execute('SHOW CREATE TABLE ' . $table);
$createTableSQL = $createTableSQL[0][1];
$mappingTable = "originalToDevMapping";
//get mapping
$sql = "SELECT origField, newField
FROM " . $mappingTable;
$newColumns = $dbh->Execute($sql);
foreach ($newColumns as $newColumn) {
if (strlen($newColumn['newField'])<1) {
echo "***Removing*** " . $newColumn['origField'] . "<br><br>";
$sql = "ALTER TABLE " . $table . " DROP COLUMN " . $newColumn['origField'];
$dbh->Execute($sql);
if (strlen($dbh->errorStr)>1) {
echo "<br>************************<br>";
echo "<br>ERROR:<br>";
echo $dbh->errorStr;
echo "<br>************************<br>";
}
} else {
echo "Renaming " . $newColumn['origField'] . " to " . $newColumn['newField'] . "<br><br>";
$sql = "ALTER TABLE " . $table . " CHANGE COLUMN " . $newColumn['origField'] . " " . $newColumn['newField'];
$fieldPos = strpos($createTableSQL,$newColumn['origField']);
$definitionStart = $fieldPos + strlen($newColumn['origField']) + 2;
$definitionEnd = strpos($createTableSQL,',',$definitionStart) - 1;
$definition = substr($createTableSQL,$definitionStart,$definitionEnd-$definitionStart+1);
//workaround - if enum type, comma is included.
if (strstr($definition,'enum')) {
//look for comma after enum end bracket.
$commaPos = strpos($createTableSQL, ',', strpos($createTableSQL,')',$definitionStart));
$definition = substr($createTableSQL,$definitionStart,$commaPos-$definitionStart);
}
$dbh->Execute($sql . " " . $definition);
if (strlen($dbh->errorStr)>1) {
echo "<br>************************<br>";
echo "ERROR:<br>";
echo $dbh->errorStr;
echo "<br>************************<br>";
}
}
}